One of the really cool things about being a hacker is that we get to discover new things. It’s kind of like being an adventurer or explorer. You might feel like Lara Croft or Indiana Jones some days because of the cool things you find. I’ve found more and more lately that I love exploring and going on little adventures to find neat things. At home, we have a giant backyard that backs up to a nature preserve, so we like to go explore there sometimes and see all the cool animals that live there…except the rattlesnakes and copperheads. Not a fan of those.
Over the last few years, I’ve learned that I love exploring underwater as well. Recently, we celebrated my wife’s birthday in the Mexican Riviera Maya (between Cancun and Playa del Carmen), and I snorkeled just off the beach every day that I was there. I took underwater video of quite a bit of the sea life – it was AMAZING. The water wasn’t very deep, and it was clear enough that I could see all types of sea life, including stingrays (which don’t like to be touched in the wild apparently), starfish, colorful fish, and even a green moray eel. The eel was at least 5 feet long, and about 6 inches in diameter, with a huge mouth full of sharp teeth. Not gonna lie, that eel was scary.
Discovering new things (like sharp-toothed dangers lurking in the depths of a system) is part of the hacker subculture. The original hackers at MIT were model train conductors who were simply trying to automate the trains. They built a control system based on telephone relays to power and switch the tracks, backed with a mainframe computer to provide routing information and other data needed to make the trains run smoothly. They, like all of us hackers to come after them, had a want, a passion, a drive, a NEED to learn as much about a system and master it. They believed that “information wants to be free.” They were adventurers. They were explorers of the unknown.
So let’s talk about the hacker’s mindset: that burning curiosity and desire that drives us to explore and learn. It drives us to take existing things and try to make them better. It drives us to create things that didn’t exist before. It drives us to explore the unknown just to see what’s on the other side. We study whatever system we’re trying to hack. We learn it inside and out. We master it.
That’s the thought process of all hackers – that and a “Hey guys, watch this!” mentality. Yeah, it can backfire, but often we find ourselves adventuring into the unknown and bypassing what we previously thought were limitations of our capabilities. We flip the switch. We push the boundaries. We press that red button. We try to understand how different configurations cause different actions. After all, the more we know about how the system works, the better we understand how to manipulate it.
Hackers today strive to know as much as possible about all kinds of technologies, and work to make them better. Without hackers, we would not have the cool toys and tech we have now (and tomorrow). Cloud services evolved out of system virtualization. Virtualization evolved out of hardware capabilities increasing exponentially over a short time. These hardware capabilities evolved because someone said “Let’s see how far I can overclock this processor until it melts…” with the CPUs of old. (I may have overclocked a couple of CPUs in my time.) CPUs evolved from transistors, which evolved from radio technology, which evolved from…you get the idea. Of course, that begs the question: “What’s next?” I don’t know, but I’m excited to find out.
Do these possibilities excite you? Do you share that same drive? That same need? Do you like exploring, and adventuring into the unknown?
If you’re reading this blog, then I would venture a guess that you’re at least somewhat interested in hacking all the things (the hacker mindset). Perhaps you want to become a pentester, or you want to learn how to defend your network, or maybe it’s simply that you’re someone who likes to take things apart just to see how they work. I was that person. I’m STILL that person.
If you’re wondering how to get a start in learning some of the tricks and techniques that hackers like myself and my team here at Secure Ideas use, please allow me to give you some pointers.
Disclaimer: ONLY PRACTICE THESE TECHNIQUES ON SYSTEMS YOU ARE EXPLICITLY AUTHORIZED TO PRACTICE ON. I can’t stress this enough. Hacking into someone else’s computer just to do it or show off is a bad idea. Period. If you did not build it yourself, or get explicit authorization from the system owner to break a system, then you risk harming yourself and the systems you break. All of our pentest engagements are under a contract agreed to by both Secure Ideas and our client. There are explicit rules of engagement in the contract, and we have constant contact with our clients to ensure that we provide the best pentest experience ever. Remember, we get paid to hack into systems. With that said, I’ll discuss some ways below to build or access systems you can have explicit authorization to hack and break into.
When I started on my journey, virtualization was not the platform it is today. Now, most systems are virtualized, and can be destroyed and rebuilt in seconds. So grab one of the various VM platforms (I would suggest starting with Virtualbox or VMware Workstation Player) and learn how to build and fix your own systems. Once you’ve mastered that, learn how to install and configure the software you want to hack. It’s the safest way to explore the vast world of vulnerabilities and exploits.
Of course, some software may be harder to obtain and attempt to install than others. In this case, look for online capture-the-flag (CTF) hacking sites. There are SEVERAL to choose from, and I’ll recommend a couple that I’m familiar with and have actually used. Of course, these sites are use at your own risk. I connect to the various systems (typically through OpenVPN connections) from a Kali VM through Virtualbox. There are two reasons for this - it’s safer to connect from a VM rather than your everyday system, and Kali has almost all the tools I need to work with. Also, I’ve used Kali for years, and quite simply, I like it.